How to Stretch LAN to WAN in Neverfail Heartbeat V5.2.2 and Prior

Follow

Summary

This Knowledgebase article describes how to stretch a Neverfail Heartbeat V5.2.2 and prior LAN environment to a WAN by relocating the Secondary server.

More information

Neverfail provides for a simple transition from a LAN implementation to a WAN implementation allowing the passive (Secondary) server to be relocated to a distant location for both operational and data security reasons.

Procedure

Technical Prerequisites:

  1. Neverfail Heartbeat must be installed in an Active Directory Integrated DNS environment.
  2. Run SCOPE for 24 hours to measure the actual & required bandwidth across the proposed WAN link.
  3. Verify that at least one Domain Controller at the WAN site is configured as a Global Catalog.
  4. The Neverfail server must be a member of the domain.
  5. Verify that at least one DNS server is configured at the WAN site.
  6. Ensure that NIC speeds are configured as 'Auto-negotiate'.
  7. Configure hardware routers appropriately, so that principal (public) and channel traffic is routable across your WAN. Ensure that the WAN-link is operational and that there are NO networking issues:

Note: Neverfail recommends that channel and principal (public) IP addresses are in different subnets. If this is not possible, you will have to implement static routes. You should:

  • Ping successfully.
  • Have the IP addressing schema finalized (e.g. principal (public)/channel IP address of Secondary server at the WAN location).
  • Open any firewall ports as necessary (default Neverfail ports are 52267 and 57348).

Note: Neverfail recommends that 'MaxDiskUsage' be configured to 5GB and ensure that sufficient disk space is available.

LAN to WAN Stretch Process:

  1. Add the Domain Admin account to Neverfail.
    1. Login to the Neverfail Heartbeat Management Client.
    2. Click the Application button. Select the ‘Configuration’ tab and highlight ‘Neverfail Server’.
    3. Click Add under the ‘User Account’ section and supply the Domain Admin account details.
    4. Click OK .
  2. Using the Neverfail Heartbeat Management Client, shutdown Neverfail Heartbeat but leave all protected applications running.
  3. On the Secondary server with Neverfail Heartbeat stopped, unplug both the principal (public) network cable and Heartbeat Channel network cable/s.
  4. On the Secondary server, change the principal (public) IP address to be the correct principal (public) WAN IP address, default gateway, and subnet mask. The principal (public) IP should be set according to the local site IP schema. The Preferred DNS Server must point to a machine that is local to the Secondary server WAN site. Uncheck ‘Register this connection’s address in DNS” from the Network Card Properties.
  5. On the Secondary server, ensure that the principal (public) NIC is listed first in ‘Network & Dial-up Connections’, ‘Advanced Settings’.
  6. On the Secondary server, change the channel IP address to be the correct channel WAN IP address. Ensure ‘NetBIOS’ is disabled. Uncheck ‘Register this connection’s address in DNS’ from the Network Card Properties.
  7. On the Primary server, change the channel IP address to be the correct channel WAN IP address. Ensure ‘NetBIOS’ is disabled. Uncheck ‘Register this connection’s address in DNS’ from the Network Card Properties.
  8. On the Secondary server, from the Neverfail System Tray Icon, run Configure Server wizard. Click on the ‘Public’ tab and change the IP address to the principal (public) WAN IP address. Click on the ‘Channel’ tab and change the IP address of the Primary and Secondary servers’ channel IP addresses to the corresponding channel WAN IP addresses. Click Finish.
  9. On the Primary server, from the Neverfail System Tray Icon, run Configure Server wizard. Click on the ‘Channel’ tab and change the IP address of the Primary and Secondary servers’ channel IP addresses to the corresponding channel WAN IP addresses. Click Finish.
  10. On the Primary server, open the principal (public) network connection properties and uncheck ‘Register this connection’s address in DNS’. Click Close, then step 11 must be performed immediately otherwise the client will not be able to connect to the Primary server.
  11. On all DNS servers, manually add a Host (A) record and reverse pointer record for the Primary server address. Once done confirm all clients are able to connect to the Primary server.
  12. On the Secondary server, set the Neverfail R2 Server service to ‘Manual’. Power down and relocate the Secondary server to the remote WAN site.
  13. On the Secondary server, at the remote WAN site, connect the principal (public) and channel network cables and power up Secondary server.
  14. On the Primary server, add a persistent route for the Secondary server’s channel connection. See the note below for instructions on how to do this.
  15. Note: In a WAN implementation, it is required that persistent routes for channel communications be added to both Primary and Secondary servers. This is necessary, as the persistent route must be added to ensure that any communication with the channel network is in fact established via the physical channel NICs. To do this:

    1. Open ‘Routing and Remote Access’ from Administrative Tools.
    2. Select the server name, then go to the ‘Action’ menu and select ‘Configure and Enable Routing and Remote Access’ which will launch the configuration wizard.
    3. Select Custom Configuration -> LAN routing and make sure the RRAS service was started.
    4. Select the server again, navigate to ‘IP Routing’, and select ‘Static Routes’.
    5. From the ‘Action’ menu select ‘New Static Route’
    6. From the dropdown, select the channel interface and enter the destination channel IP followed by the mask 255.255.255.255 and the source machine gateway.
    7. Test the channel routing using “pathping -n Channel_IP” command to ensure that all the packets will be sent using the channel IP and not the principal (public) IP.

    Neverfail recommends avoidance of the interface ID usage when creating static routes using “route” command. This interface id cannot be used indefinitely, as it is a dynamic number that can increment each time a server is rebooted or a NIC is disabled/enabled making the route useless. For a trouble free WAN implementation, please use RRAS for implementing static routes.

  16. On the Secondary server, add a persistent route for the Primary server’s channel connection using the instructions above.
  17. On the Primary server, confirm that the server can route the packets correctly to the Secondary server channel address using the pathping command.
  18. On the Secondary server, confirm that the server can route the packets correctly to the Primary Server Channel address using the pathping command.
  19. On the Secondary Server, set the Neverfail R2 Server Service back to ‘Automatic’. Using the Neverfail System Tray Icon, select Start Neverfail Heartbeat.
  20. On the Primary Server, add the following on top of the Start.bat script using the example below. NFCMD is case sensitive. Note: The DNSUpdate command will ONLY work with DNS's that are part of the Active Directory.
  21. Echo NFCMD doExecuteAsUser <domain admin name> <domain name> "DNSUpdate -p <primary public IP address> -s <secondary public IP address>" <protected application name> start

    Note: This command can be repeated in the scripts when there are additional pairs of IP addresses.  It must also be a single line command.

  22. On the Primary server, using the Neverfail System Tray Icon, select Start Neverfail Heartbeat.
  23. Allow the initial synchronization process to complete – ignore the warnings: Warning - Domain does not match the zone. They will not influence the server functionality in any way (these warnings will not appear in Neverfail Heartbeat version higher than 5.0.3)
  24. On the Secondary server, add the following on top of the Start.bat script using the example below. NFCMD is case sensitive. Note: The DNSUpdate command will ONLY work with DNS's that are part of the Active Directory.
  25. Echo NFCMD doExecuteAsUser <domain admin name> <domain name> "DNSUpdate -p <primary public IP address> -s <secondary public IP address>" <protected application name> start

    Note: This command can be repeated in the scripts when there are additional pairs of IP addresses.  It must also be a single line command.

  26. Follow the Mandatory Tests section found in the latest Neverfail Heartbeat Acceptance Verification document found on the document downloads section of the Neverfail Extranet.


Applies To

Neverfail Heartbeat V5.2.2 and Prior


Related Information

Knowledgebase article #1431 : How to Stretch LAN to WAN in Neverfail Heartbeat V5.3.0 to V5.5.1

Knowledgebase article #1864 : How to Stretch LAN to WAN in Neverfail Heartbeat V6.0 and Later in a Primary - Secondary Configuration

KBID-531

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.